I checked out the example iptables firewall, and I would like to suggest an alternative. This firewall setup is very comprehensive yet simple. It is written as an init.d file, accepting "start" "stop" and "restart" targets so you can automatically bring up your firewall on boot.
This is a "workstation firewall" not intended for providing services (like web service via apache). If you want to run services on your box, you have to specifically open them up (as the ssh service is below).

----------
/etc/init.d/local-firewall

#!/bin/bash

case "$1" in
  start)
    modprobe -q ip_tables
    modprobe -q ip_conntrack_ftp

    echo "Configuring firewall."

    # Policy on the input chain is to drop
    iptables -P INPUT DROP

    # Accept local traffic on the loopback network
    iptables -I INPUT -j ACCEPT -d 127.0.0.1 -i lo

    # Existing connections allowed
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Accept icmp stuff so we can ping and be pinged
    iptables -A INPUT -p icmp -j ACCEPT

    # Accept port 22 ssh connections from the Truman address space
    iptables -A INPUT -j ACCEPT -s 150.243.0.0/16 -p tcp --syn --dport 22

    # Accept port 113 auth (ident) connections
    iptables -A INPUT -j ACCEPT -p tcp --syn --dport 113

    # If we want to use X11 via xdmcp we open these
    #iptables -A INPUT -j ACCEPT -s 150.243.0.0/16 -p tcp --syn --dport 6000:6007
    #iptables -A INPUT -j ACCEPT -s 150.243.0.0/16 -p udp --dport 6000:6007

    # LAST RULE
    iptables -A INPUT -j REJECT

    $0 status
    ;;
  stop)
    echo "Stopping firewall."
    iptables -P INPUT ACCEPT
    iptables -F INPUT
    ;;
  restart)
    $0 stop
    sleep 1
    $0 start
    ;;
  status)
    # Show what we've got
    iptables -n -L INPUT
    ;;
  *)
    printf "Usage: $0 {start|stop|restart|status}\n" >&2
    exit 1
    ;;
esac
----------

-- Don Bindner <[EMAIL PROTECTED]>
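As an added example (not from Don Bindner's post), a POSIX shell audit that reads an iptables-save style dump of the INPUT chain and checks the invariants the script above depends on: policy DROP, ESTABLISHED/RELATED accepted, every ssh ACCEPT carrying a source restriction, and a terminating REJECT/DROP as the last rule. Both dumps are constructed and the function name is an assumption of this example.

```shell
# Added example, not part of the original post: audit an "iptables-save" style
# dump of the INPUT chain for the properties the workstation firewall relies on.
# Usage: audit_input_chain "$dump"; prints findings, returns the number of failed checks.
audit_input_chain() {
    dump="$1"
    fails=0
    rules=$(printf '%s\n' "$dump" | grep -- '^-A INPUT' || true)
    # 1. Default policy DROP: anything not explicitly allowed is dropped.
    if ! printf '%s\n' "$dump" | grep -q '^:INPUT DROP'; then
        echo "FAIL: INPUT policy is not DROP"; fails=$((fails + 1))
    fi
    # 2. Replies to outbound connections must be accepted (stateful match).
    if ! printf '%s\n' "$rules" | grep -e 'ESTABLISHED' | grep -q -- '-j ACCEPT'; then
        echo "FAIL: no ESTABLISHED/RELATED ACCEPT rule"; fails=$((fails + 1))
    fi
    # 3. Every ACCEPT for ssh (dport 22) must be limited to a source network (-s).
    if printf '%s\n' "$rules" | grep -E -- '--dport 22( |$)' | grep -- '-j ACCEPT' | grep -qv -- '-s '; then
        echo "FAIL: ssh ACCEPT rule without a source restriction"; fails=$((fails + 1))
    fi
    # 4. The chain must end in a terminating REJECT/DROP so nothing falls through.
    last=$(printf '%s\n' "$rules" | tail -n 1)
    case "$last" in
        *'-j REJECT'*|*'-j DROP'*) ;;
        *) echo "FAIL: last INPUT rule is not REJECT/DROP: $last"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Constructed dump matching the post's "start" rules, as iptables-save would print them.
GOOD_DUMP='*filter
:INPUT DROP [0:0]
-A INPUT -d 127.0.0.1/32 -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 150.243.0.0/16 -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT'
# Constructed weakened dump: ACCEPT policy, ssh open to any source, no final REJECT.
WEAK_DUMP='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

audit_input_chain "$GOOD_DUMP" && echo "good ruleset: OK"
audit_input_chain "$WEAK_DUMP" || echo "weak ruleset: $? finding(s)"
```

On a live host the same function can be fed `iptables-save -t filter` output, which is where such a check belongs after `local-firewall start`.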